A Google researcher has warned users of iOS, Android, and Windows devices about a hacking group that keeps finding and exploiting zero-day vulnerabilities.
In February 2020, the same group exploited four vulnerabilities, relying on heavy obfuscation and novel exploitation techniques. The exploit chains were discovered by Google's Threat Analysis Group and analyzed by Project Zero, the company's team of vulnerability researchers.
The Group of Hackers Is Yet to Be Caught
Maddie Stone, a researcher at Project Zero, said the same group is behind both the earlier and the more recent attacks, which exploited iOS devices as well as Android and Windows devices.
Ars Technica reported that the hackers used watering-hole attacks: they compromised websites their intended victims were likely to visit and used those sites to serve exploit code, which installed malware on vulnerable devices.
In a watering-hole attack, a user simply visits a site the attackers control or have compromised, and the site exploits the visitor's browser to infect the device with malware. No download or click is required, so the scale of such an attack is hard to gauge: anyone who reaches the site with a vulnerable browser can be infected.
The February 2020 campaign exploited only Android and Windows, while the later attacks also targeted iOS devices.
The group appears to be highly skilled at exploiting both Windows and Apple devices, in particular through the Google Chrome and Safari browsers.
The campaign showed how the zero-days were put to work. The attack began with a remote code execution exploit, written by the hackers, against Chrome's V8 JavaScript engine; that foothold in the browser is what the rest of the exploit chain built on.
The Types of Zero-Day Vulnerabilities
On Google Project Zero's blog on Mar. 18, Stone wrote that the vulnerabilities range from a modern JIT bug to a large cache of font bugs. The team studied how each exploit was developed in order to understand why the vulnerabilities existed and how the attackers may have found them.
Project Zero also published details of the exploitation method used for the Chrome Freetype zero-day, the obfuscation techniques the attackers used, and the iOS kernel privilege escalation exploit.
Researchers from the tech giant collected a full exploit chain targeting Windows 10 through Google Chrome, and two partial chains targeting Android 10 devices through Chrome and the Samsung Browser.
They also found remote code execution (RCE) exploits for iOS 11 through iOS 13, and a privilege escalation exploit targeting iOS 13.
Here are the seven zero-days the security analysts found:
CVE-2020-15999 - Chrome Freetype heap buffer overflow
CVE-2020-17087 - Windows heap buffer overflow in cng.sys
CVE-2020-16009 - Chrome type confusion in TurboFan map deprecation
CVE-2020-16010 - Chrome for Android heap buffer overflow
CVE-2020-27930 - Safari arbitrary stack read/write via Type 1 fonts
CVE-2020-27950 - iOS XNU kernel memory disclosure in mach message trailers
CVE-2020-27932 - iOS kernel type confusion with turnstiles
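The Chrome Freetype bug in this list (CVE-2020-15999) belongs to a well-known class: a size read from an input file is narrowed to a smaller integer type before the buffer is allocated, but the data is later written using the full size. The actual FreeType bug was this kind of 16-bit truncation of PNG dimensions in its embedded-bitmap loader. The following C program is an added example, not FreeType's or Google's code, that illustrates the pattern on a constructed, minimal PNG header: a truncating loader undersizes the bitmap for a 65537-pixel-wide image, while a checked loader rejects the dimensions before allocating. The loader names, the sbit_result struct and the header bytes are assumptions made for this illustration, and the program computes the sizes involved rather than performing the out-of-bounds write.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed input layout: 8-byte PNG signature, then the IHDR chunk
 * (4-byte length, 4-byte type "IHDR", 13-byte payload). Only the
 * big-endian width and height at the start of the payload are read. */
#define PNG_SIG_LEN      8
#define IHDR_OFFSET      (PNG_SIG_LEN + 4 + 4)
#define HEADER_LEN       (IHDR_OFFSET + 13)
#define BYTES_PER_PIXEL  4   /* bitmap is expanded to 32-bit RGBA */

static const uint8_t PNG_SIG[PNG_SIG_LEN] =
    {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};

typedef struct {
    int      ok;         /* 1 if the loader accepted the image */
    uint32_t width, height;
    uint64_t allocated;  /* bytes reserved for the bitmap */
    uint64_t needed;     /* bytes the PNG decoder would actually write */
} sbit_result;          /* hypothetical result type for this example */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Parse width/height out of the IHDR chunk; returns 0 on malformed input. */
static int png_dimensions(const uint8_t *buf, size_t len,
                          uint32_t *w, uint32_t *h) {
    if (len < IHDR_OFFSET + 8) return 0;
    if (memcmp(buf, PNG_SIG, PNG_SIG_LEN) != 0) return 0;
    if (memcmp(buf + PNG_SIG_LEN + 4, "IHDR", 4) != 0) return 0;
    *w = be32(buf + IHDR_OFFSET);
    *h = be32(buf + IHDR_OFFSET + 4);
    return *w != 0 && *h != 0;
}

/* Vulnerable pattern: 32-bit dimensions are copied into 16-bit metric
 * fields (dropping the high bits), the bitmap is sized from those
 * truncated values, but the decoder later writes the full-size image. */
static sbit_result load_sbit_png_truncating(const uint8_t *buf, size_t len) {
    sbit_result r = {0, 0, 0, 0, 0};
    uint32_t w, h;
    if (!png_dimensions(buf, len, &w, &h)) return r;
    uint16_t metric_w = (uint16_t)w;   /* truncation: 65537 becomes 1 */
    uint16_t metric_h = (uint16_t)h;
    r.ok = 1; r.width = w; r.height = h;
    r.allocated = (uint64_t)metric_w * metric_h * BYTES_PER_PIXEL;
    r.needed    = (uint64_t)w * h * BYTES_PER_PIXEL;  /* what the decoder writes */
    return r;
}

/* Hardened pattern: refuse any dimension the 16-bit fields cannot hold
 * before allocating, so allocated == needed whenever ok == 1. */
static sbit_result load_sbit_png_checked(const uint8_t *buf, size_t len) {
    sbit_result r = {0, 0, 0, 0, 0};
    uint32_t w, h;
    if (!png_dimensions(buf, len, &w, &h)) return r;
    if (w > 0xFFFF || h > 0xFFFF) return r;   /* reject instead of truncating */
    r.ok = 1; r.width = w; r.height = h;
    r.allocated = (uint64_t)w * h * BYTES_PER_PIXEL;
    r.needed    = r.allocated;
    return r;
}

/* Would the decoder write past the end of the allocation? */
static int would_overflow(sbit_result r) {
    return r.ok && r.needed > r.allocated;
}

/* Build a constructed header with the given dimensions (no real image data). */
static void make_png_header(uint8_t out[HEADER_LEN], uint32_t w, uint32_t h) {
    memset(out, 0, HEADER_LEN);
    memcpy(out, PNG_SIG, PNG_SIG_LEN);
    out[PNG_SIG_LEN + 3] = 13;                 /* IHDR payload length */
    memcpy(out + PNG_SIG_LEN + 4, "IHDR", 4);
    put_be32(out + IHDR_OFFSET, w);
    put_be32(out + IHDR_OFFSET + 4, h);
    out[IHDR_OFFSET + 8] = 8;                  /* bit depth */
    out[IHDR_OFFSET + 9] = 6;                  /* colour type: RGBA */
}

/* Run each loader on a constructed header of the given size. */
static sbit_result scenario_truncating(uint32_t w, uint32_t h) {
    uint8_t hdr[HEADER_LEN];
    make_png_header(hdr, w, h);
    return load_sbit_png_truncating(hdr, sizeof hdr);
}

static sbit_result scenario_checked(uint32_t w, uint32_t h) {
    uint8_t hdr[HEADER_LEN];
    make_png_header(hdr, w, h);
    return load_sbit_png_checked(hdr, sizeof hdr);
}

int main(void) {
    /* 65537 x 1 truncates to 1 x 1: 4 bytes allocated, 262148 written. */
    sbit_result v = scenario_truncating(0x10001u, 1);
    sbit_result c = scenario_checked(0x10001u, 1);
    printf("truncating loader: allocated %llu, decoder writes %llu, overflow=%d\n",
           (unsigned long long)v.allocated, (unsigned long long)v.needed,
           would_overflow(v));
    printf("checked loader: accepted=%d\n", c.ok);
    return 0;
}
```

The check a reviewer should carry away: whenever the size used for an allocation and the size used for the subsequent write come from different variables (here a 16-bit metric field and a 32-bit decoder value), either derive both from one validated value or reject the input when they cannot be equal. Running the truncating loader on a real decoder would be a heap buffer overflow; the hardened loader never reaches the allocation.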
"Google has been able to patch vulnerabilities quickly because Chrome is a cloud-based solution across Windows, Mac, Android, iOS, and other devices. This is a good example of why it's important to use a cloud-based solution rather than legacy apps that are supported by on-premise infrastructure," Lookout Security Solutions Senior Manager Hank Schless said in a report by Security Magazine.
This article is owned by Tech Times.
Written by Joen Coronel